package org.example.config;

import jakarta.annotation.Resource;
import org.example.exception.MyAccessDeniedHandler;
import org.example.exception.MyAuthenticationEntryPoint;
import org.example.filter.JwtAuthenticationFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.AuthorizationFilter;

@Configuration
public class SecurityConfiguration {


    @Resource
    private UserDetailsService userDetailsService;

    @Resource
    private JwtAuthenticationFilter jwtAuthenticationFilter;


    @Resource
    private MyAuthenticationEntryPoint myAuthenticationEntryPoint;

    @Resource
    private MyAccessDeniedHandler myAccessDeniedHandler;


    @Bean
    public AuthenticationManager authenticationManager() {
        // 匹配合适的认证管理器AuthenticationProvider
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        // 配置基于数据的认证的UserDetailsService对象
        provider.setUserDetailsService(userDetailsService);
        // 创建并返回认证管理器对象（实现类ProviderManager）
        provider.setPasswordEncoder(passwordEncoder());
        ProviderManager manager = new ProviderManager(provider);
        return manager;
    }









//    @Bean
//    public UserDetailsService userDetailsService() {
//        return new MyUserDetailsService();
//    }



    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(requests -> requests
                .requestMatchers("/login" ).permitAll()
                // 这个用于测试 exception.accessDeniedHandler
                .requestMatchers( "/hello").hasRole("ADMIN")
                        .anyRequest().authenticated())

                // 这儿禁用了默认的登录页面，所以需要手动放行 /login
                .formLogin(form->form.disable())
                // 禁用 LogOutFilter
                .logout(logout->logout.disable())

                .exceptionHandling(exception -> exception.authenticationEntryPoint(myAuthenticationEntryPoint))
                .exceptionHandling(exception -> exception.accessDeniedHandler(myAccessDeniedHandler))

                // 加入过滤器链，放在最后一个过滤器AuthorizationFilter.class之前
                .addFilterBefore(jwtAuthenticationFilter, AuthorizationFilter.class)
                .csrf(csrf -> csrf.disable());

        return http.build();
    }



    // 加密算法,加了个这个算法只有，{noop}就失效了
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }


//    @Bean
//    public NoOpPasswordEncoder passwordEncoder() {
//        return (NoOpPasswordEncoder)NoOpPasswordEncoder.getInstance();
//    }

}
